BART Hacks Show Need for Physical and Network Security
I've been following two security-related stories this past week: the growing problem of violent flash mobs and the alleged Anonymous hacks targeting San Francisco's BART websites. I think the two stories are going to define a new reality for network security: the intersection between network security and physical security.
If you haven't followed the story in San Francisco, officials in San Francisco decided to shut down cell phone service at some of its mass-transit stations in an attempt to stop a potential protest against the killing of a homeless man, allegedly by BART police. The hacking group Anonymous responded to the cell phone outage with a hack on a website used by BART passengers. The San Francisco Chronicle reported a comment from Anonymous:
"We are Anonymous, we are your citizens, we are the people, we do not tolerate oppression from any government agency," the hackers wrote in an online posting. "BART has proved multiple times that they have no problem exploiting and abusing the people."
There was a second BART-related hack, this time on the BART police database.
Anonymous and similar groups have become very prolific at attacking any organization they don't like or agree with, but this might be the first time (and please correct me if I'm wrong) where the hack came as a result of a government entity taking an act to ensure the safety of the community.
What is happening in San Francisco shows that the lines between physical security and network security are blurring a bit. City officials need to make sure they are protecting their citizens and their employees online as well as offline.